🧠 What is Phishing?
Phishing is a type of cyberattack in which attackers impersonate legitimate entities (like banks, companies, or trusted individuals) to deceive victims into revealing sensitive information or taking risky actions. These attacks often appear in the form of:
- Emails (most common)
- Text messages (SMS)
- Phone calls (voice phishing or “vishing”)
- Fake websites
- Social media messages
The term comes from "fishing," as attackers "bait" victims with seemingly trustworthy content to "hook" them into divulging private data.
🎯 Goals of a Phishing Attack
Phishing can have a variety of malicious objectives, depending on the attacker’s intent. Here are the most common goals:
1. Stealing Credentials
- Target: Usernames, passwords, PINs
- Purpose: Gain unauthorized access to emails, company systems, bank accounts, or cloud platforms
2. Identity Theft
- Target: Personally Identifiable Information (PII) like SSNs, addresses, birthdates
- Purpose: Create fake identities, open bank accounts or credit lines in the victim’s name
3. Financial Gain
- Target: Bank account or credit card details
- Purpose: Direct theft or unauthorized transactions, fraudulent purchases, or business invoice scams
4. Malware Distribution
- Target: Trick users into downloading malicious software (e.g., ransomware, keyloggers)
- Purpose: Compromise devices, hold data hostage, or monitor keystrokes for long-term theft
5. Business Espionage or Data Theft
- Target: Trade secrets, intellectual property, strategic plans
- Purpose: Undermine competitors, sell secrets on the dark web, or sabotage business operations
6. Spreading to Others
- Target: Compromising one account to then phish others in the same network
- Purpose: Gain broader access to a company or social circle (especially in spear phishing or BEC)
🛑 Why It Works
Phishing relies on:
- Trust in the sender or brand being impersonated
- Urgency in the message (e.g., “Your account will be closed!”)
- Human error — social engineering exploits emotional responses like fear, curiosity, or helpfulness
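The first two cues above (an impersonated sender or brand, and urgency in the message) can be checked mechanically when triaging reported mail. This is an added example, not part of the original page; the brand-to-domain map, the phrase list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: brand -> legitimate sending domain, and urgency phrases.
BRAND_DOMAINS = {"example bank": "examplebank.example"}
URGENCY_PHRASES = ("account will be closed", "within 24 hours", "verify your account")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the list of phishing cues found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    findings = []
    # Trust cue: display name claims a brand, but the address is not on its domain.
    for brand, legit in BRAND_DOMAINS.items():
        on_brand = from_domain == legit or from_domain.endswith("." + legit)
        if brand in display_name and not on_brand:
            findings.append(f"brand-impersonation:{brand}")
    # Replies silently routed to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")
    # Urgency cue: pressure wording in subject or body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgency-language")
    return findings

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "Example Bank Security" <alerts@examplebank-support.example>\n'
    "Reply-To: helpdesk@mail-collect.example\n"
    "Subject: Action required\n\n"
    "Your account will be closed! Verify your account within 24 hours.\n"
)
BENIGN = (
    'From: "Example Bank" <statements@examplebank.example>\n'
    "Subject: Your monthly statement\n\n"
    "Your statement is ready in online banking.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(raw))
```

The findings are triage signals for a human reviewer, not a verdict: legitimate mail can trip a single cue, so the combination is what deserves attention.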
Common Phishing Attacks
| Type of Attack | Description |
| --- | --- |
| 🕵️ Credential Phishing | Fake login page to steal your email/password |
| 💳 Subscription Scam | Deceptive sign-up to steal credit card info |
| 🦠 Malware Delivery | Download prompts that install spyware/Trojans |